scale Web applications quickly, on an as-needed basis. All they have to do is upload their code and let Elastic Beanstalk automatically handle the deployment -- from capacity provisioning, load balancing and autoscaling to application health monitoring. At the same time, they can retain full control over the AWS resources powering the application. They can even use the Elastic Beanstalk console to access the underlying resources at any time.

That said, developing Web applications on platform as a service (PaaS) comes with vulnerabilities. Threat agents include hackers, software design flaws or poor testing methods. These can take advantage of vulnerabilities in order to infect or halt the application.

By mitigating the risks of SaaS application development on PaaS, cloud architects and developers become more aware of the significant threats to their application. These insights can then contribute to higher return on investment, simply by implementing cost-effective safeguards. They also can reduce the costs of disaster recovery by reducing the frequency of vulnerability exploitation.

Here are five steps to start reducing your risks:

1. Identify assets

2. Identify vulnerabilities and threats

3. Assess risks

4. Fix with safeguards

5. Implement risk mitigation policy

Step 1. Identify assets

Identify assets associated with software-as-a-service (SaaS) application development on PaaS, then assign a value to each asset. Determine the categories where the assets should belong. Here are some examples:

Users: SaaS developers and SaaS users would both fit into this category. The value of each user group should be based on the average number of man-hours spent in developing and testing the application.

Resources: These are any resources that are used by PaaS developers to run and store the SaaS application. For example, Elastic Beanstalk leverages Amazon Elastic Compute Cloud (EC2), Amazon Simple Storage Service, Amazon Simple Notification Service, Amazon CloudWatch, Elastic Load Balancing and Auto Scaling. The value is based on pay-as-you-go for these resources. Elastic Beanstalk is free.

Security: This could mean encryption mechanisms, firewalls and industry security standards, including SecaaS (security as a service). The value is based on the man-hours used to implement security.

Documentation: Training manuals, administration guidelines, security standards, network standards, contingency planning, disaster recovery plans and service-level agreements (SLAs) are just a few examples of documentation. The value is based on the type of media used to publish the documentation -- print, online or digital media (CD).

Software: Operating systems; vulnerability testing tools; office tools (documents, spreadsheets, presentations); log analyzers; and programming languages (Java, .NET, the PHP script language, the Node.js programming language, Python and Ruby) would all qualify as software. The value is based on the purchase price or the pay-as-you-go subscription needed to develop the SaaS application on PaaS.

Step 2. Identify vulnerabilities and threats

Hackers are not the only threat agents who could take advantage of PaaS vulnerabilities. Here are other examples of threat agents:

Improper access control configurations could result in theft of the sensitive data the application is processing for storage.

Improper firewall configurations could result in accidental PaaS outages.

Data recovery is vulnerable because of the cloud characteristics of pooling and elasticity. This means resources allocated to one user would be accidentally reallocated to a different user. It is not always possible to recover data from a previous user.

Step 3. Assess risks

Users want to be assured that PaaS will be available continuously and that their demand for more traffic can be met. One method of assessing the risk of unavailability is quantitative. Some examples include:

Estimated frequency of PaaS attacks due to improper firewall configurations

Estimated frequency of not meeting performance guarantees set forth in an SLA

Estimated frequency of unsuccessful failover of network routers and switches that support the IaaS on which the PaaS runs.
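To show how these frequency estimates become comparable numbers, the added example below (not part of the original article) multiplies each estimated frequency by the asset value at stake, which is the standard annualized loss expectancy calculation that the article does not name, and then tests whether a safeguard saves more per year than it costs. Every dollar figure, frequency and safeguard name is constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    name: str
    events_per_year: float   # estimated frequency from Step 3
    loss_per_event: int      # asset value lost per event, USD (Step 1)

    @property
    def annual_loss(self) -> float:
        # Annualized loss expectancy: frequency x single-event loss
        return self.events_per_year * self.loss_per_event

@dataclass(frozen=True)
class Safeguard:
    name: str
    risk: Risk
    annual_cost: int               # USD per year to run the safeguard
    events_per_year_after: float   # estimated frequency once it is in place

    @property
    def net_benefit(self) -> float:
        residual = self.events_per_year_after * self.risk.loss_per_event
        return self.risk.annual_loss - residual - self.annual_cost

# Constructed figures for illustration only; none come from the article.
FIREWALL = Risk("attack via improper firewall configuration", 0.5, 80_000)
SLA = Risk("SLA performance guarantee not met", 4, 6_000)
FAILOVER = Risk("unsuccessful router/switch failover", 0.25, 40_000)
RISKS = [SLA, FAILOVER, FIREWALL]

SAFEGUARDS = [
    Safeguard("firewall rule review and IDS", FIREWALL, 12_000, 0.125),
    Safeguard("extra load-balanced capacity", SLA, 30_000, 1),
    Safeguard("enforced failover policy and drills", FAILOVER, 4_000, 0.0625),
]

def rank_risks(risks):
    """Highest expected annual loss first."""
    return sorted(risks, key=lambda r: r.annual_loss, reverse=True)

def cost_effective(safeguards):
    """Safeguards that save more per year than they cost, best first."""
    worth = [s for s in safeguards if s.net_benefit > 0]
    return sorted(worth, key=lambda s: s.net_benefit, reverse=True)

if __name__ == "__main__":
    for r in rank_risks(RISKS):
        print(f"{r.annual_loss:>10,.0f}  {r.name}")
    for s in cost_effective(SAFEGUARDS):
        print(f"{s.net_benefit:>10,.0f}  {s.name}")
```

With these constructed inputs the capacity safeguard is rejected: it costs more per year than the loss it prevents, even though the SLA risk ranks second.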

Step 4. Fix with safeguards

Implementing cost-effective safeguards is one way to mitigate the risks of SaaS application development on PaaS. Here are some examples:

The application has been properly designed with no software flaws. PaaS developers and cloud architects have the adequate skills and instructions to develop well-designed applications on the PaaS.

Access controls have been properly configured for users based on their different roles and/or data sensitivity. The logging option has been activated.

Firewalls have been properly configured. Intrusion detection systems and load balancers are in place. A PaaS failover mechanism policy is enforced. The traffic to and from the PaaS has been encrypted.

Step 5. Implement risk mitigation policy

The process of identifying assets, identifying vulnerabilities and threats, assessing risks, and implementing safeguards can vary from one department to another within an organization. To standardize and reduce the cost of the process, a risk mitigation policy should be implemented.

The policy should include the AWS resources, programming languages and servers that are used to develop, run and store the application on the PaaS -- in this case, Elastic Beanstalk -- and how often the policy should be reviewed due to major technology changes, as well as changes in both user and organizational requirements.

In conclusion, have a good team follow the five steps involved in mitigating the risks of SaaS application development on PaaS. A quality group of PaaS developers will help to plan ahead and determine what the cost-effective risk mitigation process should entail.
